You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our proxy docs currently state that ISP and datacenter proxies provide a "static exit IP that stays consistent across all connections." That's only true within a single session — the managed proxy service does not pin the same egress IP across separate sessions.
This matters for managed auth: when health checks and reauth attempts run on different egress IPs, sites with adaptive auth may flag the IP shift and trigger a step-up challenge (one-time code, device verification) that the agent can't solve.
This PR clarifies:
ISP and datacenter proxies are stable within a session but not guaranteed across sessions.
For a truly static IP across the initial login and every subsequent health check / reauth, use a custom (BYO) proxy pointed at infrastructure you control.
Updated:
proxies/overview.mdx
proxies/isp.mdx
proxies/datacenter.mdx
auth/configuration.mdx
Test plan
Mintlify preview renders without broken links
Internal links to /proxies/custom and /auth/overview resolve
Note
Low Risk
Documentation-only changes that adjust wording around proxy IP rotation/stability; low risk aside from potentially changing user expectations and guidance for managed auth setups.
Overview
Clarifies in proxy and managed-auth docs that ISP and datacenter proxies have a stable exit IP only within a single browser session, and are not guaranteed to keep the same egress IP across sessions.
Updates guidance to direct users who need a truly static cross-session egress (e.g. IP allowlists or managed-auth health checks/reauth) toward using a custom (BYO) proxy, and adds cross-links from the ISP/datacenter pages back to proxies/overview.
Reviewed by Cursor Bugbot for commit b4abc50. Bugbot is set up for automated code reviews on this repo. Configure here.
Managed ISP/datacenter proxies are stable within a session but do not
guarantee the same egress IP across sessions. For destinations that need
a single static IP across every session — IP allowlists, managed-auth
connections whose health checks and reauths must look like the same
client — point a custom (BYO) proxy at infrastructure you control.
per-proxy pages now state only the per-session stability fact and link
to proxies/overview for the cross-session caveat, so the detailed
explanation lives in one place.
The reason will be displayed to describe this comment to others. Learn more.
Stale comment
Risk assessment: Very Low.
The diff only updates MDX documentation copy in auth/configuration.mdx, proxies/datacenter.mdx, proxies/isp.mdx, and proxies/overview.mdx to clarify managed proxy IP stability across sessions. There are no code, config, navigation, API, infrastructure, or runtime behavior changes, and I did not find a CODEOWNERS file requiring an owner review.
The PR is already approved at the current head commit, so I’m not re-approving it.
The reason will be displayed to describe this comment to others. Learn more.
Risk assessment: Very Low.
I assessed the current diff only. It changes copy in auth/configuration.mdx, proxies/datacenter.mdx, proxies/isp.mdx, and proxies/overview.mdx to clarify proxy exit IP stability. There are no code, config, navigation, infrastructure, API, or runtime behavior changes, and I found no CODEOWNERS file requiring owner review.
The PR already has an approval recorded, so I’m not re-approving it. The synchronized update does not increase risk, so no approval dismissal is needed.
- **[ISP](/proxies/isp)** and **[datacenter](/proxies/datacenter)** proxies provide a stable exit IP within a single session, but Kernel does not guarantee the same IP across sessions. Sites with adaptive auth that trigger a step-up challenge (one-time code, device verification) when the client IP changes may flag the IP shift between the initial login and a subsequent health check or reauth.
- **[Residential](/proxies/residential)** proxies rotate IPs per connection — use them when you need legitimacy from a real ISP pool but can tolerate IP changes.
- **[Custom (BYO)](/proxies/custom)** proxies route through whatever you point them at, so this is the right pick if you need a truly static IP under your own control (e.g. an allowlisted egress your security team owns).
- **[Custom (BYO)](/proxies/custom)** proxies route through whatever you point them at, so this is the right pick if you need a truly static IP that persists across the initial login and every subsequent health check and reauth (e.g. an allowlisted egress your security team owns).
The reason will be displayed to describe this comment to others. Learn more.
Deep IP-stability content duplicated across auth and proxy pages
Low Severity
The per-session-vs-cross-session IP stability explanation is now reproduced in depth in both auth/configuration.mdx and proxies/overview.mdx (and echoed in the ISP/datacenter pages). This same PR correctly applies the brief-summary-plus-link pattern in proxies/isp.mdx and proxies/datacenter.mdx, but auth/configuration.mdx instead expands the material inline (step-up challenges, health checks, reauth) without linking to the canonical proxy overview. The auth-specific implications are valuable, but the core factual content about session-scoped IP stability is duplicated rather than briefly summarized with a link-out.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Summary
Our proxy docs currently state that ISP and datacenter proxies provide a "static exit IP that stays consistent across all connections." That's only true within a single session — the managed proxy service does not pin the same egress IP across separate sessions.
This matters for managed auth: when health checks and reauth attempts run on different egress IPs, sites with adaptive auth may flag the IP shift and trigger a step-up challenge (one-time code, device verification) that the agent can't solve.
This PR clarifies:
Updated:
proxies/overview.mdxproxies/isp.mdxproxies/datacenter.mdxauth/configuration.mdxTest plan
/proxies/customand/auth/overviewresolveNote
Low Risk
Documentation-only changes that adjust wording around proxy IP rotation/stability; low risk aside from potentially changing user expectations and guidance for managed auth setups.
Overview
Clarifies in proxy and managed-auth docs that ISP and datacenter proxies have a stable exit IP only within a single browser session, and are not guaranteed to keep the same egress IP across sessions.
Updates guidance to direct users who need a truly static cross-session egress (e.g. IP allowlists or managed-auth health checks/reauth) toward using a custom (BYO) proxy, and adds cross-links from the ISP/datacenter pages back to
proxies/overview.Reviewed by Cursor Bugbot for commit b4abc50. Bugbot is set up for automated code reviews on this repo. Configure here.